By reinstall you mean the OS, correct? As for backing up ISPConfig to transfer to a fresh OS installation, would I be best off creating a tarball of my admispconfig/ and www/ directories in the /home/ directory?

You will need a backup of /home/, /var/, /root/ispconfig and /etc because you will need the passwd, shadow and group files. And this is the biggest problem, as your passwords might be compromised. Also, if you put your websites back online without finding the security hole that the hacker had used, you might get hacked again very fast.

So if possible, you either start with a fresh installation of ISPConfig, recreate the accounts and move just the content of the websites and databases, or use the data from a backup that was made before the hack.

As for the backup, do I use the backup tool from the Management tab or from the Tools tab? Will one of those backups allow me to restore EVERYTHING once I reinstall the OS, reinstall a clean version of ISPConfig, and then restore the backup and have everything there?

You cannot use the ISPConfig backup tools to make a full backup. Please have a look at the link to the thread I posted above.

Hey, just a few answers.. r00t is his g-mail name, it's like db.r00t something.. In a nutshell, it happened because you allowed uploads or attachments or avatar uploads in your phpBB.. "Ahh", ya say.. I know, I just cleaned it all out.. Check your modules/forums/cache/ folder.. you will see all sorts of goodies in there.. attach_config.php.. that's it.. that's the only thing that's supposed to be in there; all of the other stuff you see, delete.. including those folders.. Do not go by the creation date.. If you read one of the net.php folders you can take apart what happened.. just read along.. You were attacked by a script kiddie anyway. You will have to do all that in your WinSCP editor.. then check all your 777 file folders.. for files called.. oh, anything really, mostly.. version or r00t, those will be locked.. then file names in the 777 folders like includes.php, errors.php, net.php
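A read-only way to run the checks described in the post above, as an added example that is not part of the thread: it lists everything in the cache folder other than attach_config.php and the suspect file names sitting in world-writable directories. The function names and the demo tree are hypothetical, and testing the world-writable bit is a generalization of the "777" folders the post mentions.

```shell
#!/usr/bin/env bash
# Added example (not from the thread). Function names and the demo tree are
# hypothetical; the cache path is the modules/forums/cache/ folder from the post.

# Everything in the cache folder except attach_config.php, which the post
# says is the only file that belongs there. Subfolders are listed too.
unexpected_cache_entries() {
    local cache_dir="${1%/}"
    find "$cache_dir" -mindepth 1 ! -path "$cache_dir/attach_config.php" -print | sort
}

# Directories any local user can write to. The post says "777"; testing the
# world-writable bit also catches modes such as 757 or 1777.
world_writable_dirs() {
    find "$1" -type d -perm -0002 -print | sort
}

# Files in those directories matching the names the post mentions:
# any *.php, plus anything starting with "version" or "r00t".
suspect_files_in_writable_dirs() {
    local dir
    world_writable_dirs "$1" | while IFS= read -r dir; do
        find "$dir" -maxdepth 1 -type f \
            \( -name '*.php' -o -name 'version*' -o -name 'r00t*' \) -print
    done | sort -u
}

# Constructed sample tree for a dry run; prints the temporary web root.
# Runs in a subshell so the umask change does not leak to the caller.
build_demo_tree() (
    umask 022
    root="$(mktemp -d)"
    mkdir -p "$root/modules/forums/cache/tmp" "$root/uploads" "$root/includes"
    touch "$root/modules/forums/cache/attach_config.php" \
          "$root/modules/forums/cache/net.php" \
          "$root/uploads/errors.php" "$root/uploads/r00t" \
          "$root/uploads/avatar.gif" "$root/includes/functions.php"
    chmod 777 "$root/uploads"
    printf '%s\n' "$root"
)

# Usage: ./audit.sh /path/to/webroot   (read-only; it deletes nothing)
if [ "$#" -gt 0 ]; then
    echo "== unexpected cache entries =="
    unexpected_cache_entries "$1/modules/forums/cache"
    echo "== suspect files in world-writable directories =="
    suspect_files_in_writable_dirs "$1"
fi
```

The script only reports; review each hit before deleting, since a legitimate application may keep its own PHP files in a writable directory.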

Yes, but I'm not talking about me but about my clients. I cannot always look at what they install from time to time; that's why I ask whether using an updated system along with PHP's safe mode can give you enough protection against exploits.